• Tag Archives privacy

  • Senate Still Considering Giving FBI More Power to Spy on Browser History

    Posted on by Azrael Comment

    Despite strong opposition in Congress and from the grassroots, the FBI is still pushing to expand its National Security Letter (NSL) authority. The proposed amendments would allow the FBI to serve companies with NSLs and obtain a wide range of Internet records, known as Electronic Communication Transactional Records (ECTRs), including browsing history.

    In addition to a well-documented history of NSL abuse over the last 15 years, the FBI routinely exceeded its authority, claiming for years that it had the power to demand ECTRs with an NSL. It took an intervention [.pdf] by the Justice Department’s Office of Legal Counsel in 2008 to definitively establish that the law did not support those claims. Unfortunately, an amendment, sponsored by Senators John McCain and John Cornyn and vigorously promoted by FBI Director James Comey, would grant the FBI the power to access ECTRs, including information like a users’ browsing history as well as other online records.

    As Senators Ron Wyden and Martin Heinrich explained in Slate, this information reveals a lot about people; it’s “almost like spying on their thoughts.” Giving the FBI power to obtain these sensitive records with an NSL is especially dangerous, because NSLs operate without prior judicial approval and come with a gag order in nearly all cases. In other words, the FBI would be able to secretly demand this revealing information from Internet companies about their users and gag the companies from notifying policymakers, the press, or users themselves.

    Having lost a recent vote on the amendment as part of the Commerce, Justice, Science and Related Agencies Appropriations Act, the amendment’s sponsors are trying to simply bring it up for a vote again. (Similar proposals have also been attached to the 2017 Intelligence Authorization Act and the Email Privacy Act  [.pdf].) Obscuring the significance of these proposals—which would effectively overwrite parts of the Justice Department’s 2008 memo—the FBI Director has described it as a “typo fix.”

    Take a moment now to tell your Senators to vote against expanding NSL powers by opposing McCain amendment 4787. On Monday, July 11, as part of a day of action, Senators Wyden and Heinrich will host a Q&A on Twitter and Facebook to share their concerns. Join them to learn more and hear the latest updates on when the amendment might come up for a vote.

    Source: Senate Still Considering Giving FBI More Power to Spy on Browser History | Electronic Frontier Foundation


    📂This entry was posted in News and Politics 📎and tagged

  • FBI Must Not Sidestep Privacy Protections For Massive Collection of Biometric Data

    Posted on by Azrael Comment

    San Francisco—The FBI, which has created a massive database of biometric information on millions of Americans never involved in a crime, mustn’t be allowed to shield this trove of personal information from Privacy Act rules that let people learn what data the government has on them and restrict how it can be used.

    The Electronic Frontier Foundation (EFF) filed comments today with the FBI, on behalf of itself and six civil liberties groups, objecting to the agency’s request to exempt the Next Generation Identification (NGI) database from key provisions of federal privacy regulations that protect personal data from misuse and abuse. The FBI has amassed this database with little congressional and public oversight, failed for years to provide basic information about NGI as required by law, and dragged its feet to disclose—again, as required by law—a detailed description of the records and its policies for maintaining them. Now it wants to be exempt from even the most basic notice and data correction requirements.

    NGI includes prints and face recognition data from millions of everyday people who’ve committed no crime but have had their biometric data collected when they needed a background check for a job, applied for welfare benefits, registered for immigration, or obtained state licenses to be a teacher, realtor, or dentist. For example, NGI holds millions of photographs searchable through facial recognition and accessible by 20,000 foreign, federal, state, and municipal-level law enforcement agencies.

    The public’s understanding of the FBI’s collection of biometric information is only now coming to light because the agency has been less than forthcoming about its data gathering. In June, the Government Accountability Office published an exhaustive report revealing that the FBI has access to hundreds of millions more photos of Americans than we ever thought and has been hiding that from the public in violation of federal and agency laws for years. Previously, many believed that NGI just contained criminal case records such as fingerprints and mug shots collected during arrests.

    “The FBI has sidestepped the Privacy Act as it has expanded NGI, essentially saying ‘just trust us’ with highly personal and private data,” said EFF Senior Staff Attorney Jennifer Lynch. “But the FBI hasn’t proved itself to be worthy of the public’s trust. Exempting NGI from the Privacy Act will eliminate our rights to access our own records and take action against the government when it make mistakes with that data. The Privacy Act is only the barest of protection for Americans, but the FBI wants to escape from even that basic responsibility.”

    The FBI refuses to recognize accuracy is an issue with face recognition or to publish any data on NGI’s accuracy rates. However, research has shown that face recognition misidentifies African Americans, ethnic minorities, women, and young people at higher rates than whites and men. This means that potential errors within NGI will likely impact people of color more frequently, especially because FBI databases include a disproportionate number of African Americans, Latinos and immigrants, thanks to well-documented racial bias among law enforcement.

    This is why it’s particularly important that people be able to use the Privacy Act to learn about NGI—it ensures that people can access records the FBI has on them and allows them to take the FBI to court, if needed, to correct any inaccurate information.

    “Over 2,000 Americans have signed an EFF petition objecting to the FBI’s exemption proposal, including the vague, incomplete explanation of how the FBI is maintaining our private records,” said Lynch. “Our message to the FBI is that citizens deserve the right to know what information it has on them, and the bureau must beobligated to correct inaccurate data. Its attempt to skirt these rules must be rejected.”

    EFF was joined in its comments by American Civil Liberties Union,Advocacy for Principled Action in Government, Council on Arab-Islamic Relations (CAIR), Fight for the Future, National Immigration Law Center, and National Immigration Project of the National Lawyers Guild.

    Source: FBI Must Not Sidestep Privacy Protections For Massive Collection of Biometric Data | Electronic Frontier Foundation


    📂This entry was posted in News and Politics 📎and tagged

  • Sixth Circuit Disregards Privacy in New Cell Site Location Information Decision

    Posted on by Azrael Comment

    This week, the Sixth Circuit Court of Appeals held, in United States v. Carpenter, that we lack any privacy interest in the location information generated by our cell phones. The opinion shows a complete disregard for the sensitive and revealing nature of cell site location information (CSLI) and a misguided response to the differences between the analog technologies addressed in old cases and the data-rich technologies of today.

    In 2011, the FBI was investigating a string of robberies in and around Detroit. Relying solely on a court order, the FBI got several months of round-the-clock CSLI data on the two defendants in an attempt to link them to the crimes. CSLI are phone company records of cell phone towers your phone connects to at a given time and date.  After the case was appealed to the federal appellate court, we joined the ACLU, the Brennan Center, CDT, and NACDL in arguing that acquiring this sensitive long-term, historical location information without a warrant violated the Fourth Amendment.

    In reaching its contrary opinion, the Sixth Circuit repeatedly relied on old cases addressing much less intrusive “technologies” like letters and landline phones. Perhaps in an attempt to distinguish its earlier privacy-protective opinion in U.S. v. Warshak (which protected emails from warrantless searches), the court based much of its analysis on the distinction between content and “conveyance” information. It determined that CSLI was merely “information necessary to convey” a call, rather than the content of the call itself, and therefore access to CSLI records was not a “search” for purposes of the Fourth Amendment.

    This analysis is a little different from many other cases we’ve worked on where courts have held that because your location information is shared with a “third party” cellphone service provider, you no longer have an expectation of privacy in it (the Sixth Circuit cited to this doctrine as well). Here, the Sixth Circuit seems to be trying to further minimize the sensitive nature of location information by analogizing it to the addressing information on the outside of a single envelope sent through the mail.

    The court also distinguishes CSLI from the GPS tracking at issue in the Supreme Court case U.S. v. Jones, finding that CSLI is not nearly as precise as GPS. However, as we argued in our brief, the CSLI data in this case was precise enough for the government to convince a jury that the defendants were at each of the specific robbery locations. We also noted that the data was precise enough to place one of the defendants at church every Sunday, and we argued that the sheer scope of the data collected by the government—three months of continuous monitoring for one defendant and four months for the other—makes this data just as sensitive as the 28 days of GPS monitoring at issue in Jones.

    In a particularly short-sighted part of the opinion, the court held that, in passing the Stored Communications Act in 1986, Congress somehow already “specifically legislated” on the constitutionality of warrantless law enforcement access to CSLI. Of course, it’s hard to imagine how Congress could have fully comprehended the privacy issues in CSLI, much less specifically addressed them at a time when mobile phones operated on a 1G network, were the size of a person’s head, and cost $3,300.

    The concurring opinion points out many of these shortcomings. It notes that although CSLI is not as precise as GPS, it should nevertheless be analogized to location-tracking cases likeJones because the long-term, comprehensive monitoring possible through access to CSLI distinguishes it from envelope addressing information or business records like credit card information. The concurring opinion concludes that the court should develop a “new test” for technology like CSLI.

    Ultimately, the court seems to shirk its constitutional responsibilities by arguing that because modern technologies “evolve at rates more common to superbugs than to large mammals,” the court was not properly equipped to address the privacy issues raised by CSLI. We think courts are fully equipped to address these issues now, and we hope the defendants decide to petition a larger panel of judges at the court to review this opinion. We’ll be ready with an amicus brief if they do.

    Source: Sixth Circuit Disregards Privacy in New Cell Site Location Information Decision | Electronic Frontier Foundation


    📂This entry was posted in News and Politics 📎and tagged